At least Apple buries the fact somewhere in some deep EULA (I guess). Google didn't ask anyone when it collected WIFI data, nor does it ask for permission when people use google's search engine (or 90% of the other sites on internet that have google analytics)

Well Hello there, Mr Double Standards Guy, Nice for you to drop by.....

Apple buries the fact >> Google Didn't ask permission? How are those even CLOSE to the same thing?

Let me fix it for you:Apple Didn't Ask Permission. Google tells you right up Front.

Go to Google.com. Right there, mid screen is a Privacy link [google.com].Click it and read. I'm astounded you've never seen this page before. Flabbergasted actually.

I'm sorry, but you don't have a reasonable expectation of privacy if you're broadcasting it in clear text for anybody to intercept. The reality is that no matter how they choose to spin it, it's really easy to accidentally intercept communications when they're not encrypted.

Next thing you'll tell me is that it's illegal to tape notes for yourself in public because somebody in the background might accidentally be audible while you're making a note.

I'm not telling you anything, but the law tells companies: (http://www.priv.gc.ca/information/guide_e.cfm [priv.gc.ca]) which requires commercial entities to follow certain best practices in collecting information that may contain Personally Identifiable Information (including consent for the specific uses to which it is going to be put, retention, encryption, etc)

If you're doing business in Canada it is your responsibility to know this law and Google violated it. Its not about how easy it is to collect the information, it is about ensuring you have the legal authorization to do so. Just because you CAN do something does not make it legal to do so.

Are you dense? The Wi-Fi standard allows for the encryption of payload, while the headers are always sent in the clear, regardless of whether users secured their networks or not.

Most people were not aware of this, and rightfully thought that setting their networks to be "secure" was enough to provide privacy. These people had a very reasonable expectation of privacy.

Google took advantage of this fact and logged SSID's, MAC and IP addresses of every wireless network it encountered, regardless of security status. It then used this information to map the precise location of each transmitter. Moreover, this information is used to detect the location of any user who happens to come from such networks, and all done without the consent or even knowledge of most users.

How is this acceptable to the myriad people who expected privacy from setting the secure bit on their routers?

"Stupid is a stupid does, sir." You get what you pay for, and if you can't be bothered to learn the rudiments of the technology you use, you shouldn't be using it. And "privacy" is a loaded term: Google wasn't cracking anybody's system, wasn't logging private information, wasn't breaking any encryption, they were logging plaintext broadcasts.

If you don't want even that minimal information tracked then turn off your goddamn router, or encase your premises in screen wire. And in any event, this is about Apple: we've already beat Google to death on this one.

It's not. It's totally, perfectly legal. But after 9/11, police started cracking down on anyone taking an "unusual interest" in large or famous structures. What's more, as your sibling points out below, structures where owners have think they own trademarks on their image hire rent-a-cops (often off-duty real cops) to harass photographers who take photos (citing bogus permits etc). Surprised you didn't have a problem in Boston.

I assume that you have never owned an iPhone. Turning off location services is pretty simple actually:
1. Navigate to the iPhone's home screen.
2. Locate and open the "Settings" app, the icon that looks like a gray set of gears.
3. Select the "Location Services" menu item, which is usually the fifth item from the top.
4. Turn off all iPhone location services by changing the "On/Off" switch next to "Location Services" to "Off."
You can also fine grain which apps are allowed access to that info and which ones aren't. If someone hasn't owned an iPhone you wouldn't know the process of what permission is asked and when. By default location services is turned off and you are prompted to sign off that you understand what you are doing when you turn them on. If you choose to ignore what that means or bypass it, that's your fault. I'm not an Apple apologist, but don't state something as fact when it isn't.

Err, how do you accidentally collect WiFi packets on platform whose ostensible purpose is to take photographs, and transmit them back via some other means (3g most likely) entirely?

They were mapping out WiFi network locations to assist with location services. A terrestrial GPS-like system, if you will. The Street View team basically included an old experimental bit of code in their WiFi system which, unbeknownst to them, actually recorded from all categories of publicly-broadcast WiFi data. They only intended to record SSIDs and MAC addresses of access points. They had no payload data from encrypted WiFi networks (if you have a password on your network, it is encrypted) and they had absolutely no data at all from encrypted networks not broadcasting an SSID. They wanted to delete the data they recorded as soon as it was discovered, but that data was at that point recognized as evidence so deleting it would be very illegal. They were basically forced to hold onto it until authorization from authorities allowed them to rid themselves of it.

So now you understand the purpose of what they were doing and that they had made a mistake. Do you not agree that Mistake != Malice?

Riiiiight, because governments are rushing to validate the statements of irrelevant slashbots (myself very much included) by disappearing them?

Maybe not the disappearing part but other than that it's spot on. Remember the case in which the FBI put a GPS logger on a students car because of some harmless commet on a blog? Yes, that is actually what "they" do.

Also, remember the case of the hacked playstation in which Sony subpoenaed the identities of all commenters for a video? It's not only governments that go after mere commenters.

Paranoid tinfoil hat wearers can't come up with conspiracies fast enough to catch up with reality.

You missed the part where he chased her and her partner down after the show, cornered them, and at one point smashed her glasses into pieces. It wasn't a joke, because he stalked her and continued to call her a raging dyke cunt and threaten her with death for her dykish ways, and attacked her. See, he was making dyke jokes and she booed him. His fine was not for the jokes but for the hour or more of harassment because she didn't like them. He wasn't even on fucking stage, he attacked her out of hate and prejudice. And if you think harassing people and smashing their property into pieces is free speech, you should post your address so people can harass you and smash up your car. Free speech, by not letting us know this vital information, you are denying our fundamental right to attack you!

For them and there partners to sell us stuff they think we want or need for our own good. I don't own an apple anything so this doesn't affect me directly but it will when every corporation starts to keep a track of us. Until the day comes when congress puts a leash on theses spying tactics,its only going to get worse. And as history teaches us it will take an act of congress to stop it. I don't want to be followed for advertising purposes. thats a service for THEM not us. anything like this must be opt in as we see it takes security experts to even find out there following us.

"By using any location-based services on your iPhone, you agree and consent to Apple's and its partners' and licensees' transmission, collection, maintenance, processing and use of your location data to provide such products and services," Sewall's letter reads, citing Apple's End User Agreement.
News? Not really. Unless you totally ignore the EULA. None the less, it is there.

Why is that even legal? What they're saying is that they will share your information with random third parties whether or not theirs any good reason to do so and fail to mention who exactly it is that they're sharing it with. On top of which they aren't promising that the 3rd parties will themselves be restricted to any sort of restrictions on what they do with it.

I realize that this gets attorneys all wet, but it's seriously fucked up that they can expect you to sign something like this and be held to it,

The keywords here are "location-based services". How do consumers know what location-based services they are using an how do they know how to turn them off? And, if you know anything about the iphone you'd know that even if you turn off location based services you are then constantly annoyed by prompts to allow them to use your location. As well, I'd consider using the phone a location-based service, so technically you can't turn it off because just dialing your phone or answering the phone means they ha

"In June 2010, Congressmen Edward J. Markey, D-Mass., and Joe Barton, R-Texas wrote a letter to Apple......In response the company's general counsel Bruce Sewall wrote a letter......"To provide the high quality products and services that its customers demand, Apple must have access to the comprehensive location-based information," Sewall told Congress in the letter."

"Apple also stores the location information in a database only accessibly to Apple, the letter says."

Sewall was lying or badly misinformed.

I'm not sure I would mind so much if all this data sharing with advertisers meant that I got my phone for free. I am irked that they expect me to provide advertisers with a wealth of data AND pay for the privilege. I might be switching to Android. I just wish the Android phones didn't feel so cheaply built. Or perhaps someone does make one with a gl

It is OK to keep a log of the devices whereabouts... on the device. It is not OK to transfer that data to another entity without explicit permission of the devices owner... and better ask one time too often for that permission...

I've looked at the table from my iphone. Its primary key is the tuple {MCC, MNC, LAC, CI}, which, if you google for you will find, is the "Cell Global Identity (CGI) identifier". The table has one entry per CGI. Each record has a timestamp, coordinates, and error estimates. The timestamp is not the time at which the cell was last encountered. The table has large chunks (weeks) of time missing. This is especially true when I am not traveling. There are many records from around my home and work, but most do not have recent timestamps. Apparently, new records are added as the phone encounters new cells. This does not appear to be a continuous process as there are gaps in space between clusters in cell-rich areas I have travelled through. Also, there are records from places over 100 km from where I've been.
From this data, you can get a rough estimate of when and where I have been. But the more often I visit an area and/or the longer I am there, the less precise in time the estimate becomes. Combine this with data points that can be 100 km off, and the position becomes untenable that this is a log of your whereabouts.
Apparently, Android logs the last 50 cells encountered *AND* sends this log to Google.

Apple is doing it for the users regardless if they want it or not. Why not give them the ability to purge the data let them delete or purge the data regardless if they want it or not. It could be simple option somewhere that does not take away from the pristine user experience.

I call bullshit on the whole thing anyway. A database of where I was last week/month/year has very little benefit to advertisers. Any benefit it does have is far overshadowed by the users personal privacy of having that data available to Apple and whoever else can access that info. What if my bank account balance was available to them, sure, it would help advertisers but what is the downside to my privacy to give that info up?

A database of where I was last week/month/year has very little benefit to advertisers.

You are short on imagination. If I know what you are doing now, and I know what you were doing last year, then I can try to identify people who will be doing what you are doing now based on the similarity of what they're doing now to what you were doing a year ago and sell them stuff that you buy now.

Apple should have said what this really is about: Your iDevice can't determine its position by using the MAC addresses of nearby WiFi points unless Apple knows the locations of those WiFi points. And Apple's servers can't tell your iDevice where it is right now, unless the iDevice gives them the information that Apple's servers need to determine the location of your iDevice.

I wonder if all those people who helped OpenStreetMap are aware that OpenStreetMap knows the exact location where they were when they collected the data.

On the other hand, there is a website know where you can enter the MAC address of a router, and it will give you the location of that router, based on data on Google's servers. I hope Apple doesn't allow the same thing. I would hope even more that Google would put a stop to this. According to what Apple says, this is a black box: Only when the location software in the iPhone OS asks for the information about routers that are physically nearby will it receive location information. And in that case, anyone with a working GPS could have the same information anyway, so this is no privacy breach.

I will concede the debate that permanently logged location information is required to run the features consumers want. I think it's false, and I think it's about iAds, but I'll concede it.

However, the lack of encryption or even simple hashing on this database is inexcusable. Unencrypted copies stored on every computer an iOS device syncs to! Inexcusable, irresponsible, sloppy software. A product which flings around my private data that way is a broken product, regardless of which features it offers. This is a stalkers dream. This will appear in every divorce court (That database is jointly owned property!). This will be used to bully and out gay college roommates (Physical access to your desktop? Yup). This will be used to keep tabs on employees work habits (Have iTunes on a work computer? Burned).

Apple made terrible software, and they are now informing us that they will continue to do so.

Why on earth would you have iTunes on a work computer? You've got an iPhone, listen to music on that. Then you could have a phone charger at work, which won't leak any personal information except that you have an iPhone.

With that said, there is no excuse for leaving this data lying around on the user's computer. iTunes won't do anything for the user with it. Send it to Apple if Apple must have it, then remove temp files. I can see why you'd want to keep a log on the phone, but not why it needs to appear on

You may need to have it if your employer uses iOS products. iTunes is required to activate an iPhone (or iPad), as well as for backing up the on-device storage and doing certain other things. I have a work-issued iPhone and I'm actually required to have iTunes on my work PC for syncing the iPhone and loading on corporate-signed apps from outside the public app store.

Wow, what a powerful use of the jump to conclusions mat. You just did the equivalent of "think of the children".

If your roommate would rummage your computer to determine if you are gay, they'd rummage your other personal effects which they also have access to and find out anyway.

And if company I work for is the type to keep tabs on me, I wouldn't sync my iPhone with my work computer, even if I did have iTunes on it. And if I did sync to my computer there wouldn't I check the "encrypt iPhone backups" box?

So Apple is beginning to reply over this blackeye. Excellent. Other posters have asked "who is the customer?" and that is a perfectly legitimate question. There ought at least have been some sort of consumer opt-out ala "DO_NOT_TRACK".

But beyond that, even granting _arguendo_ legitimacy to targetted advertising, what possible useful purpose do the detailed timestamps serve? A file with locations (when different from previous) would be equally as useful. Timestamps are for tracking & snooping, not local service advertising. If that were even ethical.

This argument is relatively important to Apple -- they might well be accused of "unauthorized access to computing systems" (aka cracking) unless they can show the tracking is somehow essential to the access they have been authorized (OS & app services). Just because they're a mfr/OS vendor does not grant them automatic permission to do what they want. The law is not written that way, and penalizes those whose use exceeds the owner's authorization.

Using apps like Little Snitch, it's trivial to block the server requests (which happen about once a day) that the OS is making when it tries to 'phone home'.

They actually come in groups of three, including iphone-wu.apple.com, location.apple.com or something of that ilk.

This is obviously much more of an issue on any iOS device, where the user has little to no control of what's taking place behind the fancy window dressing, and for which no such firewall is made available for purchase through Apple's app store that I know of.

Anyway, for a computer that's staying in one place, a case could be made for the lack of need to know it is staying there all the time. Butt off my activities unless you give me the opt-in choice to be the one that decides whether to provide your company with this information or not. In fact, it could be argued that for home computers the only use for this sort of stuff is targeted advertising somewhere down the road, once users have accepted the idea that being tracked is normal.

I am fine with such apps making use of my current location. After asking me nicely, that is. And all apps on the iPhone do that: the first time (or 2 times) you use them you'll get a popup asking permission to use the current location. That is not quite the same thing as the phone tracking my location without my knowledge, and tracking that location over time to boot.

Obviously many apps for the iPhone REQUIRE location information because that's the whole point of the app.

They need to know my current location. Period. My every step for the past six months, not so much.

Not to say I can't think of uses that do need to record your movements (apps like jogging logs come to mind), but those don't apply to the vast majority of people and, once installed, can do their own - user initiated - tracking.

If you feel differently, then click the "don't allow" button when prompted.

Does the iPhone actually have such a button (in general, not just relating to tagging pictures)? If so, I would agree with you that this amounts to nothing but clueless end-users. I do not suspect that as the case, however.

There is way to keep disallowing it, but every... single... time that an app requests your location, you will be prompted that "BLah blah blah app is requesting access to your location information" or some such message (i don't use an iphone, my wife does). The first time you click allow, that app will have rights to access your stuff forever and ever and ever. Want to find a starbucks because you're draggin? The first time you click allow to find your closest over-priced java provider will be the last time

Where's the preference which says "please don't store my information forever, and don't send it to Apple so that they can store it forever + give it to any other business partner (including the police for a profiling database) who they decide would like to know where I've been."? Besides, there's no way to disable all location information, as a cell phone will be connected to a tower pretty much all the time, which identifies your location down to within a couple of miles. And this database, if you've rea

It's not sent to Apple. It is stored on the device and the computer it syncs with.

It's been mentioned elsewhere, this is very likely a bug and not designed behavior. The file in question is meant to be the location cache and should be operating much like the cache on Android, only the deletion has not been happening.

But why on earth is that information kept? They could easily just dump old information, I'm thinking maybe 24hours. And phone owners should be able to turn this feature on or off as they please!

You post on Slashdot and can't think of a reason why? iPhones with GPS help updating Apple's database by reporting precise information about nearby routers to Apple's database. Now you don't want your phone to report the same information over and over and over again. Like my phone sending exactly where my neighbours' routers are every five minutes. And all the routers on my way to work twice every day. So how do you avoid this? You keep a list of known locations that you have sent, and don't send that infor

that was my thought. I was withholding judgement until Apple actually opened their mouths.

apparently they decided to stick their feet into their mouths.

then again there is no indication that apple actually gets any of the location data. unlike google which only keeps a few days locally but transmits it to google regularly(who knows how many days they store at google) .

that was my thought. I was withholding judgement until Apple actually opened their mouths.
apparently they decided to stick their feet into their mouths.

It's called "quote mining". The explanation* [house.gov] for the location data is really quite straightforward. Apple isn't doing anything here that isn't also being done by Google, only the method varies.

No his argument is that if you are outraged that Apple does it, then you should be outraged that anyone else does it like Google. If you are willing to give Google a free pass but not Apple, then you have a bias.

Apple didn't open their mouths on this "hidden file". The quote being used was a response to a question from a Congressman last year, around the time that they changed agreements to allow them to collect data around the launch of the iAd product.

Now perhaps their stance is the same on this issue, but if you're reserving judgement until they respond, then you should still be reserving judgement. The quote in the article was talked about extensively here a year ago, so there is no new information coming to

and of course the 3rd one that Apple do not want to think about:
3. Thieves can use it, to know when your house is empty.

It's not this file with their GPS that will help thieves, it's those stupid apps that post to Facebook and Twitter saying "BillyBob is at Starbucks on the corner of Main and Market with SusieQ!" Whee! That means BillyBob isn't HOME and I know from a status update last week that he has a new 50" plasma he just got from BestBuy! And from all the PICTURES he posts on his profile I have a workable map of his HOUSE and I know he lives ALONE and only has a lazy cat and not a vicious dog.

How many crooks will go through the trouble to leverage this file when there is so much low hanging fruit? None. The eerie thing about this file is a) What is it REALLY used for? I mean today. Advertising my ass. and b) Potential use of this data. To me it smells just like ISP log files and Dropbox back door encryption keys.

Each day I see things come about that makes the "fictional" big brother tracking technology shown on movies and tv like Enemy of the State and 24 look a little less like fiction.

Apparently having an iPhone will make it conceivable to know not only where you are now, but where you have been. Every day. For a long time. Couple this with those cell phone analyzers the Michigan police reportedly have. Think about it. http://www.thenewspaper.com/news/34/3458.asp [thenewspaper.com]

Next computer and phone will not be a mac then./previous Apple customer.

I'm sorry, but your response pretty much proves that you are full of shit. A *TRUE* Apple customer would not respond the way you did, so I call "bullshit" on your post. I do not believe you own *any* Apple products.

You are a known troll but I'll respond anyway; Apple users CAN get better. For me it took the insult that was the Quadra when PC users were getting real processors and not something that came out of a cereal box. I mean, the 68040 would have been a really righteous upgrade to me back when I had a 68020 Amiga... And instead of getting with the times right away, maybe demanding Motorola price-shrink the '060, they instead took DAMN NEAR FOREVER to bring out PowerPC machines, most of which did not conform to a

The creators of the 'iPhoneTracker' app (Alasdair Allan and Pete Warden) which analyses the data stored and represents it visually on a map have done some extensive research into this and have found no evidence that the data is transferred across the network to Apple, or anyone else.

That's not to say that I feel comfortable about the data being stored for so long in the first place, but suggesting that it's being collected and stored on Apple's ser

I couldn't care less if Apple, a private investigator, or the US government knew my precise location 24/7. I'm not cheating on my wife, I'm not wanted by the FBI, and I'm not hiding from the IRS. So why would I give a shit?

You're obviously a moron so no amount of logic is going to change your mind. After all the information is already out there and you've chosen to ignore it so far.

Once everyone is logged and cataloged then police don't have to do their jobs anymore. Defense will change from "innocent until proven guilty" to "guilty until proven innocent based on a preponderance of the evidence". It has already happened, the most famous being finger prints. Finger prints are unique but matches are usually based on a few key markers. There have been plenty of cases where paper pushing monkeys blindly accept these key markers in cases to convict people. They had to hire professionals at their own expense to fight the system.

I just hope your iPhone whereabouts a linked to a high profile murder with no other suspects. The police will be pressured to get a conviction and with no other leads they will ride you like a $12 hooker trying to get you to confess... guilty or not. Sure you will most likely be found innocent, but that's after thousands of dollars in legal bills and having your like turned upside down.

The police government employees AND they're lazy. I wouldn't want them having this information. It's probably the first database they'll mine for leads rather than getting off their asses.

I agree with you in general, and I think a lot of the paranoia over privacy is overblown or even harmful. But there are legitimate reasons why location privacy is a good idea. The standard examples are abusive spouses, stalkers, closeted homosexuals in hostile territory, and nosy employers, and I'm sure there are a lot more. Those are all real problems, and none of them are going to disappear in the lifetime of a consumer electronics device.

Mr. Clarke's research implies that cell tower and Wi-Fi network locations are recorded, but phone location is *not* recorded, in the file at issue.

Of course, if you request the location of nearby restaurants via iPhone app, then your location is must be determined. I have seen no proof that user accessible *device* location data is stored.

If such data were available, why would an application like "Trails - GPS Tracker" ever need to "Resume recording"?

When looking at the data stored in that DB on my iPhone I came to exactly the same conclusion. The iPhone builds a local network topography map of cell towers and WiFi base stations to avoid having to look up that data over and over again from the databases at Google and SkyHook (as Android does it). Not more, not less.

And this is not only faster than accessing external databases and consumes less power, it also does NOT leak your location data to these service providers. Whenever a phone (or another device